Qualified Signature Creation Devices
MATRIX Ltd. was designated by the Ministry of Interior to perform independent quality certification of qualified signature creation devices. This is done on the basis of Decree No. 41/2016. (X. 13.) BM about companies that certify the quality of qualified electronic signature and seal creation devices and the designation thereof.
According to the eIDAS regulation, certification of qualified electronic signature creation devices can be carried out the following ways, based on paragraph 3 of Article 30 of the regulation:
„(a) a security evaluation process carried out in accordance with one of the standards for the security assessment of information technology products included in the list established in accordance with the second subparagraph; or”
The certification process specified in paragraph a), is carried out in accordance with the requirements of the ISO/IEC 15408 standard family (CC) and the EN 419211 series of standards containing protection profiles. The ISO/IEC 15408 standard family regulates IT security assessment, and the latter deals with the protection profile of secure signature creation tools. We follow the domestic and international professional criteria and methodologies (Common Criteria for Information Technology Security Evaluation, Common Methodology for Information Technology Security Evaluation) as well as the relevant ethical standards (ISACA Code of Professional Ethics) during the certification process.
„(b) a process other than the process referred to in point (a), provided that it uses comparable security levels and provided that the public or private body referred to in paragraph 1 notifies that process to the Commission. That process may be used only in the absence of standards referred to in point (a) or when a security evaluation process referred to in point (a) is ongoing.”
MATRIX Ltd. has an alternative method for QSCD certification under paragraph b) in article 30. of eIDAS regulation. The certification of remote QSCD devices under EN 419241-2:2013 – Trustworthy Systems Supporting Server Signing Part 2: Protection Profile for QSCD for Server Signing standard (rQSCD) are part of this process.